Techniques for Risk and Constraint-Based Inspection

1. A method for risk and constraint-based cybersecurity inspection of a computing environment, comprising: querying an application programming interface (API) of a computing environment to detect a plurality of workloads deployed therein; determining a constraint for inspection of the computing environment; provisioning resources of the computing environment to an inspection account based on the determined constraint, wherein the inspection account is a principal authorized to initiate actions in the computing environment; and initiating inspection of the plurality of workloads utilizing the provisioned resources.

2. The method of claim 1, further comprising: detecting a cybersecurity risk in the computing environment; and adjusting the provisioned resources based on the detected cybersecurity risk.

3. The method of claim 2, wherein detecting a cybersecurity risk further comprises: inspecting a workload of the plurality of workloads for a cybersecurity object; and detecting the cybersecurity object on the workload, wherein the cybersecurity object indicates a cybersecurity risk.

4. The method of claim 1, further comprising: initiating inspection of a cloud entity of a control plane of the computing environment.

5. The method of claim 1, further comprising: initiating inspection of a cloud entity of a data plane of the computing environment.

6. The method of claim 1, wherein determining a constraint further comprises: determining for each workload of the plurality of workloads a resource utilization; and determining a resource utilization of an inspector workload.

7. The method of claim 1, further comprising: detecting a cybersecurity object on a first workload of the plurality of workloads, the cybersecurity object indicating a cybersecurity issue; selecting a periodic time for inspection based on the cybersecurity issue, wherein the periodic time is the determined constraint; and initiating inspection of the first workload periodically based on the selected periodic time.

8. The method of claim 1, further comprising: provisioning, based at least on the determined constraint, a network bandwidth between the computing environment and an inspection environment.

9. The method of claim 8, further comprising: receiving a result of the initiating inspection from an inspector workload; and generating a representation based on the result in a security database, wherein the security database includes a representation of the computing environment.

10. The method of claim 1, further comprising: detecting a code object utilized to deploy a first workload of the plurality of workloads in the computing environment; and determining a resource utilization of the first workload based on a static analysis of the code object.

11. The method of claim 1, further comprising: deprovisioning a resource provisioned to the inspection account in response to determining that the resource is not utilized during inspection.

12. The method of claim 1, further comprising: receiving a resource constraint, the resource constraint indicating a limit on resource utilization of the computing environment; and provisioning resources for inspection further based on the received resource constraint.

13. A non-transitory computer-readable medium storing a set of instructions for risk and constraint-based cybersecurity inspection of a computing environment, the set of instructions comprising: one or more instructions that, when executed by one or more processing circuitries of a device, cause the device to: query an application programming interface (API) of a computing environment to detect a plurality of workloads deployed therein; determine a constraint for inspection of the computing environment; provision resources of the computing environment to an inspection account based on the determined constraint, wherein the inspection account is a principal authorized to initiate actions in the computing environment; and initiate inspection of the plurality of workloads utilizing the provisioned resources.

14. A system for risk and constraint-based cybersecurity inspection of a computing environment comprising: one or more processing circuitries configured to: query an application programming interface (API) of a computing environment to detect a plurality of workloads deployed therein; determine a constraint for inspection of the computing environment; provision resources of the computing environment to an inspection account based on the determined constraint, wherein the inspection account is a principal authorized to initiate actions in the computing environment; and initiate inspection of the plurality of workloads utilizing the provisioned resources.

15. The system of claim 14, wherein the one or more processing circuitries are further configured to: detect a cybersecurity risk in the computing environment; and adjust the provisioned resources based on the detected cybersecurity risk.

16. The system of claim 15, wherein the one or more processing circuitries, when detecting a cybersecurity risk, are configured to: inspect a workload of the plurality of workloads for a cybersecurity object; and detect the cybersecurity object on the workload, wherein the cybersecurity object indicates a cybersecurity risk.

17. The system of claim 14, wherein the one or more processing circuitries are further configured to: initiate inspection of a cloud entity of a control plane of the computing environment.

18. The system of claim 14, wherein the one or more processing circuitries are further configured to: initiate inspection of a cloud entity of a data plane of the computing environment.

19. The system of claim 14, wherein the one or more processing circuitries, when determining a constraint, are configured to: determine for each workload of the plurality of workloads a resource utilization; and determine a resource utilization of an inspector workload.

20. The system of claim 14, wherein the one or more processing circuitries are further configured to: detect a cybersecurity object on a first workload of the plurality of workloads, the cybersecurity object indicating a cybersecurity issue; select a periodic time for inspection based on the cybersecurity issue, wherein the periodic time is the determined constraint; and initiate inspection of the first workload periodically based on the selected periodic time.

21. The system of claim 14, wherein the one or more processing circuitries are further configured to: provision, based at least on the determined constraint, a network bandwidth between the computing environment and an inspection environment.

22. The system of claim 21, wherein the one or more processing circuitries are further configured to: receive a result of the initiating inspection from an inspector workload; and generate a representation based on the result in a security database, wherein the security database includes a representation of the computing environment.

23. The system of claim 14, wherein the one or more processing circuitries are further configured to: detect a code object utilized to deploy a first workload of the plurality of workloads in the computing environment; and determine a resource utilization of the first workload based on a static analysis of the code object.

24. The system of claim 14, wherein the one or more processing circuitries are further configured to: deprovision a resource provisioned to the inspection account in response to determining that the resource is not utilized during inspection.

25. The system of claim 14, wherein the one or more processing circuitries are further configured to: receive a resource constraint, the resource constraint indicating a limit on resource utilization of the computing environment; and provision resources for inspection further based on the received resource constraint.